To prevent these types of "essays" from being written into your database logs, developers use several layers of defense:
: By injecting ten NULL values, the attacker is essentially asking the database, "Do you have ten columns?" If the page loads normally, the answer is "yes."
: The attacker is attempting to determine the number of columns being returned by the original query. They add NULL values until the database stops returning an error, which reveals the table's structure.
: The attacker finds an input field—perhaps a search bar or a login box—that isn't properly "sanitized" (cleaned of special characters).
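The column-count signal described above, and how a bound parameter removes it, as an added example that is not from the original page. It uses Python's built-in `sqlite3`; the `products` table, its three columns and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: a three-column table in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER, name TEXT, price REAL)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)",
                   [(1, "lamp", 19.5), (2, "desk", 120.0)])
    return db

def search_concat(db, term):
    # Weak form: the input becomes part of the SQL text itself.
    sql = "SELECT id, name, price FROM products WHERE name = '" + term + "'"
    return db.execute(sql).fetchall()

def search_bound(db, term):
    # Hardened form: the input is bound as a value and is never parsed as SQL.
    sql = "SELECT id, name, price FROM products WHERE name = ?"
    return db.execute(sql, (term,)).fetchall()

def null_probe(n):
    # The kind of input the text describes: a UNION carrying n NULL columns.
    return "x' UNION SELECT " + ", ".join(["NULL"] * n) + " --"

def observe(search, db, max_cols=4):
    # What the application would show for each probe: an error, rows, or nothing.
    outcomes = []
    for n in range(1, max_cols + 1):
        try:
            rows = search(db, null_probe(n))
            outcomes.append("rows" if rows else "empty")
        except sqlite3.Error:
            outcomes.append("error")
    return outcomes

if __name__ == "__main__":
    db = make_db()
    # Concatenated query: only the probe matching the real column count succeeds.
    print("concatenated:", observe(search_concat, db))
    # Bound parameter: every probe is just a product name that matches nothing.
    print("bound:       ", observe(search_bound, db))
```

With the concatenated query the single non-error response marks the column count; with the bound parameter every probe gets the same empty result, so there is nothing to count.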